CVE-2022-0424

Name of the Vulnerable Software and Affected Versions The Popup by Supsystic WordPress plugin versions prior to 1.10.9

Description The issue concerns a lack of authentication and authorization in an AJAX action, allowing unauthenticated attackers to call it and obtain the email addresses of subscribed users.

Recommendations For versions prior to 1.10.9, update to version 1.10.9 or later to resolve the issue. As a temporary workaround, consider disabling the vulnerable AJAX action until a patch is available. Restrict access to the AJAX endpoint to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved.